
hacking and security

Hi, we have had some of our sites hacked and I would like your advice on the situation.

We pay a fair bit of money for a dedicated server as we thought that by having a dedicated server it would make the sites secure.

The languages we use for our sites are Joomla and WordPress, but yesterday a few of them on the dedicated server were hacked.

The hosting company have sent us the following info:

'There is one extra security improvement on the system we may offer you and it is cloudlinux with cageFS. This improves the overall security on the server but will not stop unsecured code exploiting if such coding is present in your website scripts.'

The hosting company is asking for an extra £20 a month to add this on.

We asked the hosting company what they meant by unsecured code and they said:

'Unsecure coding is code in your scripts which will allow injections of files from an external source. Unfortunately a better explanation is not available and for any detailed information you may check with an experienced local web developer.'

We thought that the sites would be secured. The hosting company have said that because one of the sites was not updated from Joomla 1.5 to Joomla 3.0, which we were planning to do this week, this is the reason why it has happened. However, this does not make any sense, as this is a dedicated server, so why have the WordPress sites which are up to date been hacked when they are on the same dedicated server?

Any advice in understanding more on this issue would be great, as I need to find out why this has happened and if I should be taking my sites to another hosting company.

13 Responses

The WordPress hacking was almost surely due to having an outdated version of WP, or having a vulnerable plugin installed. There are a few helpful plugins you can use to secure your WP site, plugins like (http://wordpress.org/plugins/better-wp-security/).

Also a couple of things to note: you should also take basic measures to protect the site by changing the default table prefixes of your DB from _wp, create a new admin user and delete the default "admin" account, and limit access to your wp-admin section in your .htaccess file.... These security plugins will give you a whole checklist of items to "secure".

I don't think it's the server; WordPress and other CMSs are continually hacked. The server cannot stop much at all. Your code needs to stop most hacks, and since WordPress is used by so many, all someone needs to do is hack their own and then they can go out and hack all WordPress sites of the same version.

I have only used DreamHost's shared hosting, don't know about dedicated.

"would you expect the hosting company to let you know that your site has been hacked or is it down to yourself to know"

Generally no, that would be your responsibility (or if you have a maintenance contract with the web developer).

Again, DreamHost has some cool auto safeguards, e.g. one of my clients had malware/virus on his PC and was sending out spam, and they auto reset the password when it was picked up. I also think they have other auto features to inform you about hacking, but it's guaranteed service, it's just a bonus they do.

I'm not saying you should go with DreamHost, I'm just telling you what they can/have done (I have only used a few hosting companies), but I'm sure there are a lot of hosts that do that too (maybe even more).

When you say dedicated do you mean a "managed" dedicated server? Or are you in charge of server maintenance?

As for Joomla, I think there are security updates for 1.5 (best check if it's still supported); just make sure you have them up to date. Too late now unless you have a backup from before the hack; then update straight away and change passwords (there is a how to recover from a hack guide for this on the Joomla site).

If the hacker got into your Joomla site and was able to get your database passwords, and if that was a master user account that also had access to the WordPress database, then I could see how they could have gotten into both. Or if the WordPress site is on the same domain as the hacked Joomla site, then again they could get into the WordPress site. Or if you used common usernames or passwords for the different sites.

But the most important thing with any open source software is to make sure that you're up to date with security fixes, because as soon as there is an exploit found, script kiddies search the web for vulnerable sites and have their fun. I'm know what "cloudlinux with cageFS" is but as your host says it would not have stopped this hack.

If each site was on a different domain and they were completely separate (separate FTP access, separate MySQL database access, no master/common username and passwords etc.) then that might point to a problem with the hosting side, but to be honest it's really hard to know without proper investigation.

Since you're not technically minded you would be better getting someone with more technical knowledge to review your current setup to see if it was the host's failing or it was the way you have your sites set up; there are just too many unknowns to get conclusive help from a forum.
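Added example (not part of the original thread): a small Python check for the situation the reply above describes, where sites on one server share a database login or reuse a database password. It reads the DB settings from the text of WordPress `wp-config.php` and Joomla `configuration.php` files; the site names and credentials in `SAMPLE` are constructed for illustration.

```python
import re
from collections import defaultdict

# WordPress: define('DB_USER', 'name');   Joomla: var/public $user = 'name';
# Assumption: values contain no quote characters (enough for an audit pass).
WP_RE = re.compile(
    r"define\(\s*['\"]DB_(USER|PASSWORD|HOST)['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)")
JOOMLA_RE = re.compile(
    r"(?:var|public)\s+\$(user|password|host)\s*=\s*['\"]([^'\"]*)['\"]\s*;")

def db_credentials(config_text):
    """Extract {'user', 'password', 'host'} from one CMS config file body."""
    found = WP_RE.findall(config_text) + JOOMLA_RE.findall(config_text)
    return {key.lower(): value for key, value in found}

def shared_logins(configs):
    """configs: {site: config_text}. Return {(host, user): [sites]} for
    database logins that more than one site is configured to use."""
    by_login = defaultdict(list)
    for site, text in configs.items():
        creds = db_credentials(text)
        if "user" in creds:
            by_login[(creds.get("host", "localhost"), creds["user"])].append(site)
    return {k: sorted(v) for k, v in by_login.items() if len(v) > 1}

def reused_passwords(configs):
    """Return groups of sites with an identical DB password (the password
    itself is never returned, only the site names)."""
    by_pw = defaultdict(list)
    for site, text in configs.items():
        pw = db_credentials(text).get("password")
        if pw:
            by_pw[pw].append(site)
    return sorted(sorted(sites) for sites in by_pw.values() if len(sites) > 1)

# Constructed sample configs: one Joomla 1.5 site and three WordPress sites.
SAMPLE = {
    "old_joomla": "var $host = 'localhost';\nvar $user = 'master_db';\n"
                  "var $password = 'Example-Pass-1';\nvar $ftp_user = 'ftp1';",
    "shop_wp": "define('DB_USER', 'master_db');\n"
               "define('DB_PASSWORD', 'Example-Pass-1');\ndefine('DB_HOST', 'localhost');",
    "blog_wp": "define('DB_USER', 'blog_user');\n"
               "define('DB_PASSWORD', 'Example-Pass-2');\ndefine('DB_HOST', 'localhost');",
    "news_wp": "define( \"DB_USER\", \"news_user\" );\n"
               "define( \"DB_PASSWORD\", \"Example-Pass-2\" );",
}

if __name__ == "__main__":
    print("Shared DB logins:", shared_logins(SAMPLE))
    print("Reused DB passwords:", reused_passwords(SAMPLE))
```

Any site listed by either function can be reached with credentials read from another site's config file, so those passwords should be rotated together and each site given its own database user.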

OK, thanks. The sites all have their own access but are all on the dedicated server. They can all be gained through a WHM where we can change cPanel passwords and usernames, but besides that they have no connection.

I am waiting for the hosting company to get back to me. They have been working on this now for over 24 hours. I have sent them some questions but they have said they cannot answer them yet. It seems strange that the WordPress sites were hacked, and they were all hacked even though they all had separate logins.

1. The server was not hacked. The application on these accounts has been compromised. In order to have the exact reason and coding vulnerability which allowed this to happen you may contact a certified developer as we do not offer development services at this point.

2. Review the above. What we do is secure the service on the server by applying all the patches available for the same. The coding and the updates on your website functions and coding are your responsibility. The review and patching of any script you use for your website is a development-related task.

3. Again you will have to request this from an expert web developer as s/he may review the coding of your website and provide the reason why and how it has been compromised.

As I said before, if the Joomla site shared something like MySQL database access then it was most likely not the host's fault.

I have seen hosts blame open source CMSs when actually they were just trying to hide their issues. It's going to be impossible to know until someone looks properly into it (which hosts will not do, which is fair enough).
